Hi list,

first some stats: Ten weeks without internet access (actually without a phone line) directly translate into 11000+ messages on Debian User -- Argh! Once again, thanks to my telco "Deutsche Telekom" for their great service. Not.

Anyway, guess I had a lot of time for reading and catching up on system administration. Here are my first questions:

What's the advantage of RSA Authentication vs. Password Authentication except that under the first one the sshd server does not trust the client unless he has authorized himself with a key listed in authorized keys? This is desirable if the client resides on the internet and can't be trusted, but on my local network that's not an issue.

However, if I disable the fallback to Password Authentication I can only log in from clients that I have previously generated a key for and added to my authorized_keys database -- not practical, if I want to be able to log into my system from anywhere in the world. So disabling fallback is not an option, rendering the RSA Authentication useless.

The key from an untrusted client needs of course to be protected with a passphrase, otherwise it may be easily compromised by the client's root and allow connections to my system without providing a password -- big security hole.

But what about keys from clients from my trusted local network? In order to get them one has to get access to the local machine first, and then they are useless, because the intruder already has access to my machine. Unless of course, a user key has no passphrase and is listed in root's authorized_keys file. Then an intruder of my user account has instant root access on my machine -- but how likely is this? Having no passphrase on user keys of the local network makes managing it very convenient.

Okay, anybody with more understanding of ssh help me out?

BTW, I'm still running ssh 1.2.26 protocol version 1.5 that comes with slink, but the issues should be the same with protocol version 2.0.

TIA,
Viktor
--
Viktor Rosenfeld
E-Mail: mailto:[EMAIL PROTECTED]
HertzSCHLAG: http://www.informatik.hu-berlin.de/~rosenfel/hs/
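
Added example, not part of the original message: an audit for the case raised above, a user key that is also listed in root's authorized_keys, so that compromising that user account yields root. It assumes the OpenSSH protocol 2 one-line key format (not the ssh 1.2.26 format); the function names and the sample keys are constructed for illustration.

```python
KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")

def split_fields(line):
    """Split on whitespace, but not inside double-quoted option values."""
    fields, cur, quoted, prev = [], "", False, ""
    for ch in line:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch.isspace() and not quoted:
            if cur:
                fields.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return fields + [cur] if cur else fields

def parse_key_line(line):
    """Return (options, key_type, blob), or None for blank/comment/garbage."""
    f = [] if line.lstrip().startswith("#") else split_fields(line)
    for i in (0, 1):  # key type is field 0, or field 1 when options come first
        if i + 1 < len(f) and f[i].startswith(KEY_TYPES):
            return (f[0] if i else "", f[i], f[i + 1])
    return None

def user_keys_granting_root(root_authorized_keys, user_pubkeys):
    """List (user, options) for every user key that root's file accepts."""
    accepted = {p[1:]: p[0] for p in
                map(parse_key_line, root_authorized_keys.splitlines()) if p}
    hits = []
    for user, pub in sorted(user_pubkeys.items()):
        parsed = parse_key_line(pub)
        if parsed and parsed[1:] in accepted:
            hits.append((user, accepted[parsed[1:]] or "(unrestricted)"))
    return hits

# Constructed sample data: the blobs are placeholders, not real keys.
ROOT_AUTH = '''ssh-rsa AAAAB3PLACEHOLDERviktor viktor@desk
# ssh-rsa AAAAB3PLACEHOLDERguest guest@desk (commented out, must not match)
from="192.168.1.5",command="/usr/local/bin/backup --all" ssh-rsa AAAAB3PLACEHOLDERbackup backup@nas
'''
USER_PUBS = {"viktor": "ssh-rsa AAAAB3PLACEHOLDERviktor viktor@desk",
             "backup": "ssh-rsa AAAAB3PLACEHOLDERbackup backup@nas",
             "guest": "ssh-rsa AAAAB3PLACEHOLDERguest guest@desk"}

if __name__ == "__main__":
    for user, opts in user_keys_granting_root(ROOT_AUTH, USER_PUBS):
        print(f"{user}: key accepted for root, options: {opts}")
```

Keys reported as "(unrestricted)" are the ones where a missing passphrase matters most; an entry limited by from= or command= narrows what a stolen key can do.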